netatalk -- arbitrary command execution in papd daemon

Details

A vulnerability has been reported in Netatalk, which potentially
can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to the papd daemon improperly
sanitising several received parameters before passing them in a call
to popen(). This can be exploited to execute arbitrary commands via
a specially crafted printing request.

Successful exploitation requires that a printer is configured to
pass arbitrary values as parameters to a piped command.